UI researchers study hacking concerns in Androids
The University of Iowa teamed up with Purdue University to research Android technology for potential hacking loopholes and develop a tool to safeguard users’ data.
Photo illustration by Hannah Kinson
December 1, 2019
The University of Iowa recently partnered with Purdue University to research how Androids can be hacked and potentially exploit a user’s information, and developed a tool that safeguards users’ personal data.
UI Computer Science Assistant Professor Omar Chowdhury was the lead UI contributor to the project. The research concluded that Android technology, specifically in phones, can be tampered with in order to snoop on the personal data of its owner, he said.
This type of research has been a long time coming, Chowdhury said, and it is important to focus on Android specifically, because it is the most popular operating system and an open source that enables researchers to do things systematically.
“It started off as a hunch,” Chowdhury said. “This problem seemed very complicated, since the technology sphere is pretty humongous. It’s hard to get this research right. Once we started looking into [Androids], some of the results really did surprise us.”
RELATED: Advanced virtual-reality tech helps UI scientists study pedestrian behavior
Chowdhury said the impact of this study is important for all technology users, not just those who use Androids.
“If you have a headset or a Bluetooth device from any vendor, it can leak private, device-specific information from anyone to anyone,” Chowdhury said. “The general public doesn’t understand what kind of protection or robustness they provide in terms of security, and it’s a risk.”
The UI and Purdue developed a tool as a response to their study, which anyone can use to improve the safety of their information, Chowdhury said. He added that the fully automated tool finds problematic commands on Android devices specifically. It doesn’t change a user’s experience, he said — it just keeps their private information safer.
Purdue University graduate student Imtiaz Karim, the lead researcher on the project, said in an email to The Daily Iowan that developing this tool was always the end goal for this research.
“AT interface is an access point to the baseband processor, its correctness is crucial and any flaws in the interface can give an easy pathway to attackers,” he said. “From this intuition, we started the research and [since] have developed a new testing tool dubbed ATFuzzer to analyze the correctness of an entry point for accessing the cellular modem of a device.”
Karim said any vulnerability in Android smartphones could have a catastrophic impact on the daily lives of people across the country, because of the number of citizens who use the technology.
“Our research is vital to protect the privacy and security of these devices,” he said in an email. “Our tool can help vendors detect these vulnerabilities and can make the smartphone more reliable and secure.”
RELATED: UI researchers develop technology to promote sustainable farming
This research is important to both UI students and the general public, UI first-year student Kaitlyn Ryan said.
“I use an Android phone,” she said. “I think this research is important, and I’m glad someone looked into the bigger consequences of technology use and the specific conditions when hacking occurs.”
Their research doesn’t end here, Chowdhury said, because it opened many doors for future research projects that he intends to be part of.
“We would like to pursue other possible, efficient ways to test Android technology better and extend this tool to other operating systems,” Chowdhury said. “As technology users, we tend to ignore important warnings from apps on our phones. I want to continue drawing attention to this and helping people keep an eye out when they use technology.”
